12-11-2013 03:31 AM
Hello Experts,
I have a request as below.
Traffic hits ACE on VIP which is a https traffic with SSL offloading and then traffic should be redirected to subdirectory which is mentioned below. I can redirect the traffic and make a try but it's not working with SSL rewrite and with action list. Can https traffic be redirected to subdirectory? My SSL offloading is working well but when i type the URL it give me HTTP respnose code as 403 forbidden, it looks that a proper action list is needed to redirect to subdirectory. Please suggest.
eg: https://abc-tx.mn.abc.net to
12-11-2013 05:12 AM
Hi Abhik,
You want ACE to redirect the traffic coming in on VIP or you want that ACE shall rewrite the server response and rewrite the redirect responses which might be in HTTP?
The HTTPS to HTTPS redirection is exactly like HTTP plus SSL offloading that you need to configure and it should work fine. Can you share your configuration and explain what exactly is the requirment. You are saying you can redirect the traffic but it is not working with SSL rewrite and with action list. I am not sure what exactly is the configuration and what is expected.
Regards,
Kanwal
12-11-2013 05:22 AM
Hi Kanwal,
I have erased the ssl rewrite as was focussing on http header rewrite function with action list.
My requirement is that traffic would come to ACE as https://abc-tx.mn.abc.net and it should redirect traffic to https://abc-tx.mn.abc.net/int. On IIS they are not redirecting the traffic to /int subdirectory. So we need to make this happen on ACE.Can you please let me know from scratch how i can achieve it. FYI backend rservers are only listening on port 443 and not 80.
Thanks in advance kanwal.
regards
Abhik
12-11-2013 05:32 AM
Hi Abhik,
There is a problem. The problem is that you are redirecting from HTTPS to HTTPS and HOSTNAME is same. When the user will come again with /int it will still come on same VIP and will get redirected again. This will be a problem. If it was HTTP to HTTPS redirection then scenario would have been different and it would have matched a different class-map condition. Is it a possibility to redirect from http to https or it has to be https to https. We can create class-map based on http url and try.
Regards,
Kanwal
12-11-2013 05:39 AM
Hi Kanwal,
I am aware of http to https redirection to subdirectory and i am sure it will work. But for this specific requirement i am not able to achieve it. We need to achieve only with https to https redirection to subdirectory /int. .
And yes i agree with you that we can create a class map with http type . Do you have any idea how to bind the actual VIP and the class with http url and call it on multi-match. if you can help me with example config with the request it would be great.
thanks again!!
12-11-2013 08:37 AM
Hi Abhik,
Some thing like this:
class-map match-all LB
2 match virtual-address 10.10.10.10 tcp eq https
class-map type http loadbalance match-all URL
2 match http url abc.com
class-map type http loadbalance match-all URL1
2 match http url abc.com/test
policy-map type loadbalance first-match LB
class URL
serverfarm Redirect
class URL1
serverfarm Webfarm
policy-map multi-match LB1
class LB
loadbalance vip inservice
loadbalance policy LB
NOTE: This is just an example. When you try this in your set up please ensure that you apply SSL-PROXY configuration for HTTPS redirection and normal LB. If your servers also listen on 443 you will also need end to end ssl.
Regards,
Kanwal
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide